One of the most important new features in Windows Server 2016 TP4 is Nested Virtualization. This feature lets you create a Hyper-V environment inside another Hyper-V environment.
At the moment the first supported role that uses this technology is Hyper-V Container, to isolate and separate processes between the Container Host and Containers.
From my point of view there’s another potential scenario: creating separate Hyper-V hosts on one single machine. If you are a Service Provider, you could provide an entire Hyper-V host to a specific customer, without giving them the real hardware. Could Microsoft Azure be the first one?
Nested Virtualization is present in Windows Server 2016 TP4 but also in Windows 10 (Yes Franky!). Before starting the configuration, remember that:
- At least 4 GB of available RAM is required for the VM
- Host and VM must run the same build – at least build 10565
- Intel VT-x is required and there is no support for AMD-V
Another critical point is to check whether your host supports HostNestedVirtualization; to do this, download and run this script:
Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Get-NestedVirtStatus.ps1 -OutFile C:\Get-NestedStatus.ps1
Ready for rock ‘n roll? After creating the VM, run this PowerShell cmdlet from your host:
Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Enable-NestedVm.ps1 -OutFile C:\Enable-NestedVm.ps1
Execute the file with the name of your VM:
C:\Enable-NestedVm.ps1 -VmName "MyNestedHost"
This script does the following:
- Disables Dynamic Memory on the VM
- Sets the minimum required 4 GB of static memory on the VM
- Enables virtualization extensions
- Enables MAC Address Spoofing
Now it’s time to enable the Hyper-V role on your VM with these cmdlets:
Add-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online
Restart your VM and test the new toy! It works!
Keep in mind that there are a couple of limitations/bugs:
- Hosts with Device Guard enabled cannot expose virtualization extensions to guests
- Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization
- No Dynamic memory
- No Runtime memory resize
- No checkpoints to a running VM
- No Live migration
- No Save/restore
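To see what state the host and VM are actually in, the following read-only audit is an added example (not part of the Microsoft scripts linked above and not from the original post). It reports the host VBS/Device Guard status and the four VM settings that the enable script changes, using the standard Hyper-V cmdlets and the Win32_DeviceGuard CIM class. The function name Get-NestedVirtAudit is hypothetical, and treating any non-zero VBS status as "blocks nesting" is an assumption based on the limitation listed above.

```powershell
# Added example: read-only audit, it changes nothing. Run elevated on the Hyper-V host.
# Get-NestedVirtAudit is a hypothetical helper name; 'MyNestedHost' is the VM name from the article.
function Get-NestedVirtAudit {
    param([Parameter(Mandatory)][string]$VmName)

    # Host side: VBS / Device Guard prevents exposing virtualization extensions.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled, 2 = enabled and running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { $null }

    # Host build must be at least 10565 (the VM must run the same build).
    $hostBuild = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # VM side: the settings the enable script touches.
    $cpu  = Get-VMProcessor      -VMName $VmName
    $mem  = Get-VMMemory         -VMName $VmName
    $nics = Get-VMNetworkAdapter -VMName $VmName

    # Adapters with MAC spoofing on accept frames for MAC addresses other than their own,
    # so list them explicitly for review.
    $spoofing = @($nics | Where-Object { $_.MacAddressSpoofing -eq 'On' } |
                  Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        VmName               = $VmName
        HostBuild            = $hostBuild
        HostBuildOk          = $hostBuild -ge 10565
        HostVbsStatus        = $vbsStatus          # $null means the class was not available
        HostVbsBlocksNesting = [bool]$vbsStatus    # assumption: any non-zero status blocks nesting
        ExtensionsExposed    = $cpu.ExposeVirtualizationExtensions
        DynamicMemoryEnabled = $mem.DynamicMemoryEnabled
        StartupMemoryGB      = [math]::Round($mem.Startup / 1GB, 1)
        MemoryOk             = (-not $mem.DynamicMemoryEnabled) -and ($mem.Startup -ge 4GB)
        MacSpoofingAdapters  = $spoofing
    }
}

# Single VM:
#   Get-NestedVirtAudit -VmName 'MyNestedHost'
# Inventory of every VM on the host that has extensions exposed or MAC spoofing on:
#   Get-VM | ForEach-Object { Get-NestedVirtAudit -VmName $_.Name } |
#       Where-Object { $_.ExtensionsExposed -or $_.MacSpoofingAdapters.Count -gt 0 }
```

Running the inventory form periodically shows which VMs still have virtualization extensions exposed or MAC address spoofing enabled after a test, so those settings can be turned back off where they are no longer needed.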
Too cool, right? Test Nested Virtualization today! Download Windows Server 2016 TP4